Objective

• Experienced IT professional seeking a position in your organization to contribute my analytical, problem solving and technical skills as a Sr. Enterprise Network Architect and/or Security Consultant/Engineer or SME.

SUMMARY

• 20+ years of experience on various IT companies including Confidential, Confidential, Confidential &T, Confidential, Confidential, TELUS, CNI on their dedicated clients including various US States accounts - California, Pennsylvania, Common Wealth of Kentucky and NewYork.
• Strong experience in Network Security including VPN Tunnels, Firewalls, and application monitoring tools.
• 15+ years of experience providing L2/L3 support as an IT Firewall Admin managing Firewalls and Network Connectivity in an Enterprise IT environment.
• 15+ years of strong experience with administration of Palo Alto. Experience with administration of Checkpoint, and Juniper firewalls.
• Strong Firewall Administration experience with Palo Alto Central Management system (i.e., Panorama).
• Strong experience with administration of corporate Firewall systems: Palo Alto, Checkpoint, Juniper
• Strong experience providing L2/L3 support and administration of Firewalls, Network Infrastructures, and Network Connectivity.
• 20+ years of advanced working expertise of Virtual Data Center (vCenter) and Cloud Design / Operating Environments (AWS, Azure) and, LAN technologies (HSRP, STP, VLANs and IP-subnetting).
• 20+ years of strong working expertise of Network Architectures and Routing (V6, SDN, SDWAN, MPLS, etc.) and WLAN technologies (Controllers, WAPs, Cisco Prime and 802.11 fundamentals).
• 20+ years of working expertise systems: IDS, IPS SDP, IDP, CDN, TCP/IP, MPLS, RSVP-TE and LDP.
• 20+ years of advanced working expertise FISMA, NIST, FEDRAMP, CNSSI 1253, PCI, SOC and routing protocols (BGP, EIGRP, OSPF, ARP, Spanning tree, IS-IS) and IPV4/IPV6 addressing and subnetting. Also, IDS/ IPS solutions, DNS, DHCP, SSL certs.
• 20+ years of advanced working expertise of network security (firewalls, ACL etc.) and network management and monitoring and AAA protocols (SNMP, RMON, RADIUS). Also, System and Network Management Systems and Architecture (ITSM).
• 20+ years of advanced working experience on SDN, SDWAN, VNS Environments.
• 20+ years of advanced working experience Virtual Private Networks (VPNs) design including Site-to-Site VPN, Remote VPN, EVPN, Cloud VPN.
• Advanced technical and troubleshooting experience on designing and implementing Nexus 9K, 7K, 5K, 2K as well as L3/L4 troubleshooting skill. Also, Network Security products including IDS & IPS, Confidential Guardium, Confidential QRadar, Confidential QRoC, CrowdStrike, Threat Model
• 20 +years of experience Network and Systems Management Protocols as SNMP, NetConf, and Netflow on WAN Protocols: BGP, Frame Relay, PPP, X.25 line, T1, ISDN and DSL.
• 10+ years of experience working with technologies such as AWS Cloud, Confidential VPC (Virtual Private Cloud), Confidential CPC (CIO Private Cloud), Confidential Hybrid Cloud, Confidential Softlayer, and AI
• 15+ years of extensive hands on experience and troubleshooting on sessions/packets initiated on VzB MS Servers to Customer CPE: ICMP, SNMP, NTP, TRACEROUTE, TELNET, SSH, TFTP, FTP, SCP, HTTP, HTTPS/SSL, SQL, TCP 1691, VNC, MSRDC.
• Advanced technical and troubleshooting experience on prod and test env on Vz network such as: SevOne, Kafka, Metal, SMARTS 10, AppDynamics, Assureone, DevOps, ESP, ETMS, ForgeRock, SMR, TRIPWIRE
• Advanced technical experience and design on prod and test deployment in Vz secure domain built for DREN.
• 15+ years of extensive experience and troubleshooting on sessions/packets initiated from customer CPE to VzB MS Servers: NTP, TACACS+, RADIUS, FTP, TFTP, SYSLOG, TRACEROUE
• 15+ years of experience on Network performance engineering using APIs - Python and Tableau
• 15+ years of experience on http watch tool. I’ve expertise on HTTP headers - HTTP cookies - Status codes and errors - Query Strings - POST Data - Content - image, textual and binary - Timings.
• 15+ years of experience Splunk REST API. I’ve expertise on the Splunk Enterprise REST API on various methods or steps to access every product or feature.
• 15+ years of experience on ThousandEyes BGP Monitoring. I’ve expertise on collects data from a number of monitoring points around the world and visualizes global routing topologies, to and from network, and determined where routing changes affect performance and take proactive steps with the service providers.
• 15+ years of experience on Riverbed networking tools as Riverbed ARX, Steel Central API, Riverbed ATX.
• 20+ years of experience with planning, designing, configuring and implementing enterprise networks (Wide Area and Data Center) using technology products such as Cisco ASR, Cisco 9k/7k/5k, Cisco ACI, or VMware NSX.
• 20+ years of experience in Enterprise storage protocols, including FC, FCoIP, FCoE, and iSCSI.
• 20+ years of experience ability to interface with specialists in other areas to execute a cohesive strategy
• 20 +years’ solid experience technical buildout projects of network infrastructure of F5 Load Balancers, Virtual Firewalls (Vyatta) version 6.6 with DMVPN, Multicast Routing, and SNMPv3.
• 20+ years of experience in application load-balancing such as AVI Netscaler, F5 LTM, F5 GTM and F5APM
• 20+ years of experience extensive knowledge of TCP/IP protocol stack operations Extensive knowledge of LAN technologies like VLANs, STP, Ether Channels, Fabric Path etc.
• 20+ years of working with IP networking and protocols IPV4, IPV6, TCP/IP, BGP, OSPF, EGRP.
• 20+ years of experience of network security solutions (Firewalls, VPN gateways, and Proxies) Knowledge of Network implementations in operating systems, (UN*X, Windows, etc.) hypervisors (VMWare, Hyper-V, etc.), as well containers (Docker, K8S, WPAR, etc.) with respect to security.
• 20+ years of technical and professional expertise experience with Software Defined Networking solutions
• 20+ years of highly desirable experience with Dev/Ops CI/CD pipeline implementations, planning, designing, configuring and implementing Next-Generation firewalls, web and content filtering solutions using technology products such as FortiGate, Zscaler, Cisco FirePower, and Cisco Meraki.
• 15+ years of extensive experience on Cisco Wireless (WLAN), Cisco ISE, Packet Capture, Netflow, Wireshark
• 15+ years of experience of administrating/designing network security/firewall devices Cisco ASA 5516 & 5520.
• 15 +year’s hands on experience with multi-vendor network devices like Cisco, Nexus, Juniper, and Nortel etc.
• 20+ years of experience as level 3 troubleshooting for data center Cisco devices as Cisco 1800, 2900, 3700, 3800 and Chassis 4500 & 6500 series.
• 15+year’s progressive experience in a large multi-national enterprise network environment includes core routing and switching for USA Federal Government project, Confidential Insurance (Global), TD Bank (USA & Canada), BMO (Global), Confidential (USA & Canada), TELUS, Bell, Confidential &T, Confidential, C&W, BT.
• 20+ year’s hands on experience in network management and security tools includes Tivoli Netview 6000 for UNIX v7.1.3, VitalQIP v6.1 sp1, VitalNet v10, CiscoWorks, VitalNet v10.0, eHealth 5.0.
• 20+years’ experience on WAN optimization/ Network Performance Management solution and deployed various model of enterprise level Steelhead/Riverbed devices in the data center as well as remote branches.
• 15 + years of extensive hands on experience on Cisco Wireless (WLAN) installation & configuration, Cisco ISE with Cisco ISE 3300 Series Appliance installed with Cisco ISE 1.1.4 IOS on the ISE 3300 Series and legacy NAC and ACS appliances. Also, Cisco SNS-3400 Series Appliances with Cisco ISE 1.1.4 ISO image.

PROFESSIONAL EXPERIENCE

Confidential

Sr. Network Architect / Security Consultant

Responsibilities:

• I was a lead Network Architect/Engineer for the Confidential MNSO to review Federal Firewall Filter request prior to approve for the prod implementation.
• Day-to-day worked on with L2/L3 systems maintenance, troubleshooting and support.
• Day-to-day worked on as a Network administration, network switching and routing, TCP/IP protocols, Internet services (DNS, FTP, etc.)
• Day-to-day worked on maintained a strong understanding of current IT security risks and vulnerabilities.
• I was a lead Network Architect to maintained Federal MASTER Network Inventory document for audit purpose.
• I also have GSA Tier 2 Clearance to work any US Federal Account.
• We used to have Office hours call every Friday to share thought leadership in the product and application security space
• Worked on Secure Software Development Lifecycle (SSDLC) on automation
• Worked with the product teams to perform security design/code reviews and vulnerability assessment
• Worked on security guidance to engineering and product teams.
• Built threat models and conduct risk assessments for new features and services.
• Created application threat models and provide guidance on effective countermeasures
• Contributed to security architecture and assist in building and rolling out processes for secure code development and deployment involving truly cutting edge technology
• Provided subject matter expertise on encryption, security controls, and secure design and programming practices across the Technology organization
• Contributed to security policy, standards, and guidelines related to Information Security
• Evaluated and operationalize new technologies for securing the organization
• Created security user stories and security test cases for products that are tailored to the product attributes and technology
• Supported and advised the product owner and product development teams by ensuring technical and architectural feasibility, readiness and compliance.
• Experienced with secure SDLC, governance and compliance for PCI, FedRAMP and NIST
• Worked as a lead Network Architect for multiple projects including the followings design and review with federal security team:
• I was a lead Network Architect for multiple projects including the followings design and review with fSecurity:
• DREN (Defense Research and Engineering Network (DREN)
• I was lead Network Architect for the dedicated new secure domain built with pure IPv6 infrastructure non-prod and production environment for the DREN client
• It was involved HLA (High Level Design) and LLD (Low Level Design) to approved by the Federal Security team and DREN technical team
• Dedicated domain built for prod and non-prod with the requirements Federal Applications (SMARTS10, SNMPCE, TOOLS, AVI, etc) to be running
• Federal Firewall Interconnect document prepared for the security review and submission for the implementation
• HBF (Host Based Firewall) document prepared and obtain Federal approval for the implementation fUSP (Unified Service Profile) replacing Federal CMDB
• I was a lead Network Architect for a New Managed Network Solution design and implement in the Federal Environment for Federal USP
• It was including High and Low Level Design and Implementation
• OCI test environment built for non-prod
• I was a lead Network Architect for the Walgreens under MNSO contract over 7500 locations (US & UK)
• Walgreensdedicated Domain buildout
• Server builds are done and handed off to app owners
• Infra review (confirm router and firewall build against protocol matrix) to verify Global Policy is implemented.
• Checkpoint hardware for permanent firewall setup in Vz Data Center
• Hardware/software orders and PO issuance
• TRR completed with IPv4 and IPv6 information
• Configuration templates prepared
• IPv4 and IPv6 Network build
• Firewall built, BGP established, temporary policy in place.
• I was lead Network Architect to deploy AppDynamics in Federal Environment in Confidential Data Center.
• AppDynamics was required to be deployed by the Federal security to monitor all Federal Applications
• Designed High and Low Level Architecture with Federal security approval
• AppDynamics Infrastructure was built in dedicated domain in Federal Environment in Confidential Data Center.
• After infrastructure built I have worked with Federal Application POC’s for the AppDynamics Agents installed.
• AppDynamics project was successfully completed within the Federal Time-line.
• Day to day worked on network traffic analysis on Wireshark/SolarWinds for any production outage or issues with the network to find the root cause and provide resolution within a very short time.
• Day to day worked on a different types of network security devices and tools:
• Access control. Antivirus and anti-malware software, Application security,
• Data loss prevention, Distributed denial of service prevention,
• Email security, Firewalls, Mobile device security,
• Network Segmentation, Security information and event management (SIEMs): It’s combine host-based and network-based intrusion detection systems that combine real-time network traffic monitoring with historical data log file
• Worked on day-to-day very large Confidential Global Infrastructure with VMWare and Dell environment.
• Day to day worked on a VMware HCX application for the
• Bulk migration used for the host-based replication to move a virtual machine between HCX data centers. To reduce the downtime, the source VM remains online during the replication and is bootstrapped on the destination ESX host after replication completes.
• Worked on day-to-day VMware NSX network virtualization platform to enable the implementation of virtual networks on physical networks and within virtual server infrastructures.

Confidential

Sr. Network Architect/Engineer

Responsibilities:

• I’ve worked on a projects for AECOM client over 7000 locations worldwide for their Network Infrastructure design, support, maintain and installation services remotely 24 x 7 x 365.
• I’ve developed best practices and tools to ensure the successful delivery of solutions to business partners.
• I’ve advanced working expertise on AECOM network infrastructure monitored by Solar winds.
• Maximized networking performance by monitoring performance, troubleshooting network problems and outages, scheduling upgrades and collaborating with network architects on network optimization.
• Developed a variety of technical tasks as part of designing the infrastructure in existing Infrastructure and provides technical support for both current and future needs.
• I’ve provided expertise to identified and translate system and business requirements into design documents and drawings.
• I’ve highly technical client-oriented design documents to illustrate solution strategy and deployment plans.
• I’ve provided landscape for current trends, directions and methods to improve and enhance existing network, server, storage, and end-point infrastructure.
• Developed, organizes and performs extensive testing scenarios for various solutions.
• I’ve validated hardware needed and assures that the specifications in the core networks designs meet standards and organizational goals.
• I’ve participates in ongoing design and engineering efforts to expand existing applications and systems to cloud infrastructure.
• I’ve helped Serves as the in-house expert and authority in troubleshooting complex network infrastructure technologies (Cisco, F5).
• Worked on development of Next Generation Firewall (NGFW) standards and configurations.
• I’ve always collaborates with Project Managers during the deployment phase of the project. This includes documenting all installation, customization and integration efforts.
• Leads the creation of the configuration deployment procedures and trains integration and field engineers on various networking configurations.
• I always utilize knowledge of ITIL processes and methodology to develop project’s structure and documentation.
• I’ve contributed to the creation and maintenance of the DOE’s Network Standards documents.
• I’ve liaises with vendors to understand key technologies in the marketplace and determine viability of marketplace options regarding compliance with DOE standards.
• Worked to develop documentation to implement solutions in accordance with the DOE’s educational vision.
• I’ve provided expert advice, technical leadership and guidance to IT teams for feasibility, solution architectural designs and options.
• I always maintained a high level of technical knowledge on all relevant software releases and their interaction with various partner platforms.
• Developed a consensus around critical architecture decisions and communicates architecture direction with business and IT teams.
• I always performed complex, hands-on solution design, solution architecture, architecture roadmaps, concepts and developmental tasks required in support of current and new projects.
• I’ve always developed, enhanced, managed and maintained both new and existing solutions, it’s includes: analyzed business requirements to developed technical network solutions designs and their framework. leading teams during the implementation stage and also controlled and reviewing solution implementation.
• I’ve resolved over 1000’s of complex project issues through the implementation of requirements and the management of solution delivery.

Confidential

Sr. Network and System Architect

Responsibilities:

• I’ve worked on a projects for Data Centre closure, re-location for various clients in North America.
• Day-to-day management of company’s network infrastructure, including day-to-day administration design and architecture. Suggested improvements to network performance, capacity and scalability
• I’ve established the networking environment by designing system configuration, directing system installation and defining, documenting and enforcing system standards.
• I’ve designed and implemented new solutions and improve resilience of the current environment.
• Developed, initiated, maintained, and revised policies and procedures for the company’s networking solutions, including core routers, switches, firewall and other networking equipment.
• Leads company’s network design activities and maintains appropriate documentation
• Configured, implemented, tested, and maintained all LAN/WAN components and connections
• Understand and provided necessary evidence for all compliance and security controls.
• Conduct security and compliance related scans, remediating vulnerabilities and other findings as necessary.
• Designed and implemented functional network infrastructure.
• Configured and installed software, servers, routers and other network devices
• Monitored network performance and integrity. Resolved issues that tiers of support have escalated.
• Created, overseen and tested security measures (e.g. access authentication and disaster recovery)
• I’ve undertaken data network fault investigations in local and wide area environments
• I’ve secured network systems by establishing and enforcing policies, and defining and monitoring access.
• I’ve supported and administer firewall environments in line with IT security policy.
• I’ve reported network operational status by gathering and prioritizing information and managing projects.
• I’ve upgraded data network equipment to the latest stable firmware releases.
• I’ve configured routing and switching equipment, hosted IP voice services and firewalls.
• I’ve provided remote support to on-site engineers and end users/customers during installation.
• I’ve provided remote troubleshooting and fault finding if issues occur upon initial installation.
• I’ve undertaken capacity management and audit of IP addressing and hosted devices within data centers.
• I’ve liaise with project management teams, third-line engineers and service desk engineers on a regular basis

Confidential

Sr. Network Architect & Implementation Engineer

Responsibilities:

• I was a lead Sr. Transition Network Architect & Implementation Engineer for State of Kentucky, Bank of New York Melon (BNYM), BMO BANK (US), and AVON for day to day data center infrastructure migration, support and solution.
• I’ve worked on a projects to buildout of network infrastructure on Softlayer environments, including installation and configuration of load balancers, Virtual Private Networks (VPNs), Vyatta, and Fortinet Gateways/Firewalls.
• I’ve worked on a project and completed successfully Cloud migrating to Softlayer in determining the appropriate Domain Name System (DNS), load balancing, redundancy, and fail over requirements for their Cloud applications.
• I’ve maintained Confidential &T and Confidential enterprise IP addressing scheme and shared with internal teams
• Prepared and maintained the network inventory for any upcoming device upgrade from the vendor, to facilitate new requirements, technologies and growth.
• Analyzed and resolved issues on escalated conference calls within SLA with senior management, VP and corporate clients on production environment for provide resolutions.
• Designed and implemented of network fault-tolerance, analyzed network performance, capacity planning, traffic management and management of device configurations for whole network infrastructure
• Recommended new networking technologies to improve performance, reliability and scalability.
• Worked closely with other Network Engineers to plan and complete assigned tasks within deadlines.
• Provided technical expertise across the organization relating to networks, including support to Operations teams in the on-going maintenance and surveillance of related networks and applications.
• Presentation of Roadmap updates or Service Reviews to key Stakeholders.
• Managed up to date overall Visio drawing and share with all customer as well as Confidential &T internal team.
• Conducted research and proof of concept (PoC) for network infrastructure before deploying to production.

Confidential

Sr. Network Architect & Implementation Engineer

Responsibilities:

• I was a lead Network Architect & Implementation Engineer for Freddie Mac, State of California/ Pennsylvania, Welch Allyn for data center migration project including IT Assets (Servers, Storage, Network) as well as L4/L4 support for configuration and troubleshooting during migration for data center switching and routing issues.
• Provided day to day diagnosing and repairing network related issues both onSoft-layerenvironments and Legacy Data centers environments for LAN/WAN/VOICE & Offshore Connectivity for MPLS, LAN & IPSec.
• Designed remote network connectivity for the site-to-site VPN between Soft layer and Confidential data center, as well as Confidential and the 3rd party company example AMEX, MasterCard, VISA, Citi Group, TD BANK, BMO, Confidential &T, Ultima, Triton Data, TCS India, Consistacom, Lant, Hagerty, AWPL, Teradata USA, AudiTex, IBC, GAA.
• I’ve configured, installed, integrated and maintained compliance checking and troubleshooting for LAN/WAN/Voice networks and network security device (Cisco ASA, Virtual Vyatta Firewall).
• I’ve supported L4 support for troubleshooting of internal and external routing (OSPF, EIGRP, BGP) problems and resolved the issues on the call with end user, including isolating and replacing failing hardware.
• Coordinated with multi-vendor network carriers for the projects like Vodafone (UK), Confidential (Global), Confidential &T, Confidential (USA), BT (UK), Bell, C&W (UK), Symcor, Symtec for the project.
• Designed & Implemented Cisco Wireless, Cisco ISE with Cisco ISE 3300 Series Appliance installed with Cisco ISE 1.1.4 IOS on the ISE 3300 Series and legacy NAC and ACS appliances. Also, Cisco SNS-3400 Series Appliances with Cisco ISE 1.1.4 ISO image.
• I’ve lead two large failover testing efforts each year for data center power shutdown and data center failover for SunGard for multiple customer.

Confidential

Sr. Network Architect & Implementation Engineer

Responsibilities:

• Designed and successfully completed Confidential Data Center migration from in-house to Confidential, data center over 14 months’ period Markham and Mississauga.
• Designed MPLS connectivity for remote Confidential offices like Confidential Europe, TCS India, Confidential USA & UK.
• Designed and implemented Cisco VoIP VLANs and subnets for UC/UCCE/UCS installation, branch VLANs for Cisco IP Phones and management VLANs and subnets for UCS.
• Designed and successfully completed MPLS network infrastructure migration from Bell to Telus MPLS.
• Designed and finalized the new Cisco VoIP VLANs and subnets for UC/UCCE/UCS installation, branch VLANs for Cisco IP Phones and management VLANs and Subnets for UCS.
• Managed Visio drawing for Confidential HQ as well as Confidential data center and remote branches.
• Designed configuration /MOP (Method of procedure/Configuration) for LAN/WAN & Voice network.
• I’ve worked on to designed architecture solutions and engineering script for the various project for the LAN/WAN/VoIP infrastructure including Data Center, HQ and remote branches.
• I’ve worked on to developed system installation and configuration (iOS) documents as references.
• I’ve worked on to lead designed activities for network topologies and identify the correct network non-compliance issues.
• I’ve worked on to lead product lifecycle management activities across the Network portfolio.
• I’ve worked on with Enterprise Architect to develop the network roadmap.

Confidential

Sr. Network Analyst

Responsibilities:

• Managed, monitored, analyzed and troubleshoot 24/7 large and complex multi-vendor LAN/WAN for TD network infrastructures includes WebBroker, Easy Web, Telemax, Bank North, TD data center (US, Canada, Australia, UK, Europe, Singapore, Tokyo, India), CGI and Walmart.
• Provided hardware and software upgrades over 10,000+ devices on TD network each year.
• Provided technical support and implementation plans for optical fiber on TD network including: DWDM- system1 & system2, switching & routing, TCP/IP, SMTP, SNMP, PPP, HDLC, Cisco firewalls ASA- 5500 and PIX- 500 series security appliances, VPNs, load balancing, DNS, DHCP, EIGRP, OSPF and BGP, MPLS and Multicast. Supported Ethernet, Fast Ethernet, Gigabit Ethernet, FDDI, ATM, ISDN, Frame Relay 56 Kbps through T1 - T3, E1 to E10, and ATM WAN connectivity employing Codex and Pair Gain CSU/DSUs.
• Secured LAN/WAN barrier systems to prevent unauthorized access to TD systems using Arc Sight console v3.5.2, Nagios, SOC channel for different vendors Sun life, Manulife, Secure mail, HRC, Shell and Air Canada.
• Supported of policy maps routing, MPLS, EVPN, IPSec VPN, VLAN, Spanning Tree, L3 interfaces, HSRP, EIGRP, TCP/IP, on QoS (Quality of Service), ACL (Access Control Lists) issues daily basis.
• I’ve handled over 100+ implementation per month for overall network infrastructure for all clients.
• Highlights of professional attributes
• Strong effective interpersonal skills, comfortable delivering presentations to corporate level VP and CEO.
• Strong team player, flexible, self-motivated and able to prioritize and execute tasks under high-pressure.
• Experienced and in-depth understanding of ITIL best practices. Including Incident management, Problem management, Change management, and Capacity management, Release and Access Management and how to operate a Data Centre network under the ITIL Framework
• Proven track record in working with groups of people and the ability to educate, enthuse, coach and mentor.
• Highlights of key platform exposures:
• Experienced with service provider change requests submissions, clarification and implementations
• Experienced with developed and document repeatable models and Softlayer migration engagement materials.
• Experienced with reviewing multiple change records raised by peers and various support teams regarding configuration standardization, migration requirements, proper risk and impact analysis, adequate test plans and appropriate business and technology approvals.
• Experienced with creating complex network device scripts in critical environments using pearl and various tools to automate configuration changes without risk to the current environment.